Wireless Network Security

slurpslapoutΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 4 χρόνια και 7 μήνες)

102 εμφανίσεις

Wireless Network Security

Dr. John P. Abraham



802.11 Protocols

1997 (802.11 legacy) 1997 up to
2Mbps. Used 2.4Ghz band

802.11a Theoretically 20Mbps, but could not
penetrate walls, practically yielded 1Mbps.
Used 5GHz band. 50’

802.11b 1999. 5Mbps. 375’ used 2.4GHz

802.11g 2003. 22Mbps (theoretical 54Mbps)

802.11n 2009.over 50Mbps 820’

Controlling Access

Control connection to access points (AP)

Best method

control through MAC

but requires registration first.

Wired Equivalent Privacy (WEP)

secret key should installed on AP and on
workstation (64 to 128 bits long

5 to 13

Know the steps for WEP encryption. P.195

Device Authentication

Service Set Identifier (SSID) is a name associated with the
access point. This SID can be set to broadcast or not. If it
is not broadcasted the user will have to know it; show all
wireless networks will not show it.

The Open Systems authentication. The wireless device
sends an association request frame to the AP. The frame
will contain the SSID and the data rate it can support. The
AP receives the frame, if the SSID matches to self, it
authenticates the device.

The Shared key authentication. The WEP’s default key is
used. The AP sends a challenge text to the device wanting
connection. The device must encrypt challenge text with the
default WEP key and return it to the AP. The AP decrypts
and compares the text. It matches connection is given.

Vulnerabilities of 802.11 security

Open system authentication is weak. The attacker only has
to know the SSID (which is mostly broadcast). Roaming is
difficult if SSID is not beaconed. Even if the SSID is not
beaconed, other management frames will contain SSID, and
freely available tools can discover it. So turning of SSID
beaconing does not give much protection.

MAC address filtering

an attacker can capture an already
connected MAC address and use it get connection
(spoofing). There are programs available to do this.


if longer than 128 bit number is used, the
initialization vector defaults to 24 bits which can be broken
easily. WEP creates detectable patterns for the attacker
and an attacker now can crack it in minutes.

Security+ Guide to Network Security Fundamentals, Third Edition


To encrypt packets WEP can use only a
bit or 128
bit number

Which is made up of a 24
bit initialization
vector (IV) and a 40
bit or 104
bit default

The relatively short length of the default
key limits its strength

WEP implementation violates the
cardinal rule of cryptography:

Anything that creates a detectable pattern
must be avoided at all costs

IVs would start repeating in fewer than
seven hours


Personal wireless security


Fi Protected Access, PSK for
authentication and TKIP for encryption.

PSK (preshared key) Uses a passphrase
generate the encryption key. This must be
entered both at the AP and wireless device. PSK
authenticates the user and it gives a seed key
for encryption.

TKIP (Temporal Key Integrity Protocol).
Replaces WEP. Uses longer than 128
bity key.
It can generate 280 trillion possible keys for
each packet.

Enterprise wireless Security

TKIP replaces WEP encryption and makes wireless
transmissions more secure

WPA2 Enterprise security model provides the highest
level of secure authentication and encryption on

Enterprise wirless security devices can be used such as
Thin Access Points, Wireless VLANs and Rogue Access
Point discovery tools.

Thin access points: An access point with limited
functionality, authentication and encryption is removed and
placed on a wireless switch.

Wireless VLANS

to manage traffic.

Rogue Access Point Discovery tools. Protocol analyzer
captures wirless traffic which is then compared with a list
of known approved devices. A continuess wireless probe
monitors the RF traffic.

Security+ Guide to Network Security Fundamentals, Third Edition

Enterprise Wireless Security
Devices (continued)


Security+ Guide to Network Security Fundamentals, Third Edition


Security+ Guide to Network Security Fundamentals, Third Edition